Partnership aims to secure car ECUs against hacking attacks

June 14, 2016 //
By Graham Prophet

STMicroelectronics, and automotive software specialists ETAS and ESCRYPT, are orking together to streamline development of secure connected-car applications. They aim to apply their collective skills to offer a package for developing high-performance, safe, and secure automotive-embedded systems.

The resulting end-to-end solution protects against malicious attacks on the car’s Electronic Control Units (ECU) and secures communication among ECUs and the cloud; an AUTOSAR-compliant platform software is intended to assist OEM and Tier-1 application developers with time-to-market and standards-compliance.

The partnership is between STMicroelectronics, ETAS, provider of solutions for developing automotive embedded systems, and ESCRYPT, an ETAS subsidiary focused on security for embedded software; it will develop a complete platform comprising microcontrollers, software tools, and security solutions for automotive control units.

At the same time as the number of ECUs in a vehicle grows, cars are becoming connected to the cloud enabling over-the-air (OTA) software updates, remote diagnostics, and the forthcoming V2X communication. ST, ETAS and ESCRYPT aim to deliver a cost-effective platform for sub-system developers to create ECUs that ensure a high level of protection for vehicle-owners’ privacy, OEMs’ intellectual property, ECU functional integrity, and secure communication among the car’s ECUs and the cloud.

It will use the SPC58 series of power-efficient and real-time-capable automotive microcontrollers, which feature a built-in Hardware Security Module (HSM) as well as multiple state-of-the-art CAN FD interfaces, plus LIN, FlexRay, and Ethernet with time-stamping to implement both control units with a functional integrity check and an in-vehicle network with encrypted communication. This approach expands ST’s offering for connected-car defence, which also includes Secure Elements, or embedded SIMs (Subscriber Identity Modules), for protection against Internet-based attacks on ECUs and gateways that can steal personal data or compromise important vehicle systems.

“SPC58 automotive microcontrollers... have already been selected by a major Tier-1 supplier for a secure OTA (Over-The-Air) application that enables remote software fixes and upgrades without requiring customers to bring their vehicles to a repair garage,” ST commented.

ESCRYPT is contributing its expertise in secure ECU communication, including distribution of OTA software updates, and provides firmware and middleware for ECU developers to use the SPC58 HSM. Together, the HSM